Encrypting Web.Config using RSAProtectedConfigurationProvider in SharePoint

Overview:

One of the most common uses of the protected configuration is to encrypt connection strings in web.confg (that's one of the reasons for creating a separate tag for connection strings instead of adding it in appSettings tag). Adding this connection string as plain text is not the best practice for sharepoint web application security and this might cause serious hacking problems. Sharepoint also support for encrypting and decrypting configuration sections in web.config file. In this article, we will explore how to encrypt and decrypt sections of the web.config. We can encrypt the configuration sections by using two built-in providers: DPAPI (Windows Data Protection API) Provider or the RSA provider. The RSA provider (default) uses an RSA key which holds public and private keys, where as the DPAPI provider uses built-in machine-specific key. Let us explore the steps required to encrypt the sections using RSA.

Step 3: Sign the assembly with the strong name and deploy in the GAC.Step 4: Define the custom section in the Web.Config file

Note: "AmitKumar.Web.UI.CustomUpdateProfileSection" is the name of the class. "AmitKumar" is the name of the Assembly.Step 5: Now add two buttons to the page, called btnEncrypt and btnDecrypt. We will use these buttons to encrypt and decrypt the sections of the web.config file. Add the following code in the button click event of the two buttons:

Categories

About Me

Based in Bangalore, INDIA, Amit is a MCC. He has an MCA from the U.P.T.U., INDIA and holds Microsoft certifications including SharePoint 2007/2010/2013. He is an contributor to MSDN and http://amitkumarmca04.blogspot.com/. Amit have experience in SharePoint,ASP.Net with C#, Classic ASP, VB,Macros,HTML,JavaScript,JSON,BootStrap and AngularJS.